Ransomware - Did you update your incident response plan?

At the beginning of 2016 an article was published about the increasing threat of ransomware and provided advice on having an incident response plan that is ready to face this emerging threat. Our article focused on tips related to prevention, response and evading extortion. If you did not have a chance to read our article from January, we recommend that you read it as soon as possible.

Now, at the end of the first quarter of 2016, it is evident that ransomware has become a headache for those who did not take all the necessary precautions to avoid being the next target. Recently, the FBI released a statement to The Wall Street Journal that ransomware is a prevalent and increasing threat. As this recent article describes, attackers are trying new approaches to infection, such as ransomware ‘malvertising’, and have succeeded in creating the first Mac OS X ransomware.

Have a plan, Be Prepared
Due to the fact that it is not easy to deal with the situation after an organisation is hit by ransomware, the best course of action is to ensure there is a backup plan in place. It might come as a surprise but in order to understand the seriousness of the situation, consider that an official in the FBI’s Boston field office went against normal FBI policy and suggested to a conference audience that often the only solution is to pay the ransom. Sysnet wants to make sure you do not have to face that moral dilemma and for that reason we are trying to inform you about the increasing threat and ensure you have taken all the necessary steps towards prevention.

The Badlock day has arrived!

Badlock is a a crucial security bug in Windows and Samba. Samba 4.4.2, 4.3.8 and 4.2.11 Security Releases are available [here]. 

Microsoft and the Samba Team have been working together in order to get this problem fixed and for a patch to be released. You will have to update your systems as this security flaw is expected to be actively exploited soon enough. 

Badlock is referenced by CVE-2016-2118 (SAMR and LSA man in the middle attacks possible).

There are additional CVEs related to Badlock. Those are:

• CVE-2015-5370 (Multiple errors in DCE-RPC code)
• CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
• CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
• CVE-2016-2112 (LDAP client and server don't enforce integrity)
• CVE-2016-2113 (Missing TLS certificate validation)
• CVE-2016-2114 ("server signing = mandatory" not enforced)
• CVE-2016-2115 (SMB IPC traffic is not integrity protected)

Please, find more information about badlock at the dedicated website created for that reason: badlock.org

Start Google Chrome in Incognito Mode by Default

I tend to use different browsers for different tasks, and that makes my life a lot easier when it comes to managing all the different things I have to do. From my point of view, the Google Chrome web browser is the ideal browser for its incognito mode when accessing known safe websites. 

In order to speed things up, I tend to start it in incognito mode by default. Not many people know this, but it is really easy to start Chrome in incognito mode by default. 

If you already have Chrome already installed, locate the executable on  your system. You can R-Click on your existing shortcut (i.e. on the Start menu) and choose, "Open file location".